11
CVEs
1
Critical
8
High
0
KEV
0
PoC
8
Unpatched C/H
9.1%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
8
MEDIUM
2
LOW
0
Monthly CVE Trend
Affected Products (30)
Workstation
117
Cloud Foundation
112
Fusion
102
ESXi
94
Vcenter Server
71
Identity Manager
28
Player
27
Workstation Pro
26
Workstation Player
24
Horizon Client
24
Esx
23
Tools
20
Vrealize Automation
19
Workspace One Access
15
Vrealize Operations
14
Vrealize Suite Lifecycle Manager
13
Linux Kernel
13
Horizon View
13
Aria Operations
13
Identity Manager Connector
13
Debian Linux
11
Telco Cloud Platform
11
One Access
11
Nx Os
10
Telco Cloud Infrastructure
10
Vrealize Log Insight
10
Vcenter Server Appliance
10
Access Connector
9
Aria Operations For Logs
8
View
7
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-20794 | Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an | CRITICAL | 9.3 | 0.0% | 47 |
No patch
|
| CVE-2025-62623 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2025-62624 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-20751 | Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-20879 | Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-41723 | Stored cross-site scripting in VMware Cloud Foundation Operations (formerly Aria Operations) allows authenticated users with policy, view, or text-widget creation privileges to inject malicious scripts that execute in other users' browsers, including administrators. Affected products include VCF Operations 5.x through 9.1.x, VMware Aria Operations 8.18.x, and VMware Telco Cloud Platform 5.x. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV. | HIGH | 8.0 | 0.1% | 40 |
No patch
|
| CVE-2026-41702 | Local privilege escalation in VMware Fusion allows authenticated users with non-administrative privileges to gain root access by exploiting a TOCTOU race condition in a SETUID binary. The vulnerability requires local access and low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L), enabling complete system compromise on macOS hosts running affected Fusion versions. EPSS and KEV status data not available; exploitation requires existing local user access but can bypass all privilege boundaries once triggered. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-53475 | Credential interception in kubev2v assisted-migration-agent allows network-positioned attackers to harvest vCenter administrator credentials because the agent's vCenter client establishes TLS connections with certificate verification effectively disabled by default. The flaw, reported by Red Hat and tracked as EUVD-2026-36032, has no public exploit identified at time of analysis and an EPSS score of 0.01% (percentile 1%), but successful MITM exploitation yields full administrative access to the targeted vCenter. | HIGH | 7.4 | 0.0% | 37 |
No patch
|
| CVE-2025-62627 | An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2026-41722 | Stored cross-site scripting in VMware Cloud Foundation Operations (formerly VMware Aria Operations) allows authenticated users with policy, view, or text-widget creation privileges to inject scripts that execute in the browser context of other users, including administrators. The flaw spans VCF Operations 9.x, the legacy 5.x/Aria Operations 8.18.x line, and VMware Telco Cloud Platform 5.x, with a CVSS of 8.0 driven by high impact across confidentiality, integrity, and availability when a victim admin renders the malicious content. No public exploit identified at time of analysis and no EPSS or KEV signal is provided in the input. | MEDIUM | 5.4 | 0.1% | 27 |
No patch
|
| CVE-2026-41724 | Stored cross-site scripting in VMware Cloud Foundation Operations (and the related Aria Operations / Telco Cloud Platform builds) lets an authenticated user who can create policies, views, or text-widgets inject script that executes in the browser of any user who later views the affected object, including administrators. Because the CVSS vector marks Confidentiality, Integrity, and Availability as High with Scope:Unchanged, a successful payload effectively lets a low-privileged operator escalate to administrative actions inside the Operations console. No public exploit identified at time of analysis and not currently listed in CISA KEV, but a vendor advisory has been issued by Broadcom. | MEDIUM | 5.4 | 0.1% | 27 |
No patch
|